user deletions: fix error when given incorrect password.

Use validations instead of raising an exception when the password is
incorrect so that the controller can display errors sensibly.

Also fix users being logged out even when the deletion attempt failed
due to an incorrect password.

test/functional/maintenance/user/deletions_controller_test.rb

@@ -16,9 +16,20 @@ module Maintenance
         end
 
         context "#destroy" do
-          should "render" do
-            delete_auth maintenance_user_deletion_path, @user, params: {:password => "password"}
-            assert_redirected_to(posts_path)
+          should "delete the user when given the correct password" do
+            delete_auth maintenance_user_deletion_path, @user, params: { user: { password: "password" }}
+            assert_redirected_to posts_path
+            assert_equal(true, @user.reload.is_deleted?)
+            assert_equal("Your account has been deactivated", flash[:notice])
+            assert_nil(session[:user_id])
+          end
+
+          should "not delete the user when given an incorrect password" do
+            delete_auth maintenance_user_deletion_path, @user, params: { user: { password: "hunter2" }}
+            assert_redirected_to maintenance_user_deletion_path
+            assert_equal(false, @user.reload.is_deleted?)
+            assert_equal("Password is incorrect", flash[:notice])
+            assert_equal(@user.id, session[:user_id])
           end
         end
       end